Payments apps overview
Payments apps are public apps that integrate with the Shopify admin to provide payment processing services. Only approved partners will be able to build payments apps on Shopify's Payments Platform.
Using a payments app, merchants can redirect buyers to an app-hosted page for payment processing, which may include the following payment methods:
- Wallets (refer to Prohibited actions for current limitations)
- Buy Now Pay Later / Installments / Buyer Financing
- Bank Transfers / Online Banking
- Cash + ATM
The payment methods support the following operations:
- Charge: Partners can collect a buyer’s payment information and charge them for their purchase
- Refund: Merchants can trigger a refund from their Shopify admin
- Authorize: Merchants can place a hold that can be charged at a later time
- Capture: Merchants can charge the amount previously specified via an authorization
- Void: Merchants can cancel a previously authorized amount.
Merchants decide whether they prefer to capture funds at the time of purchase or at the time of fulfillment. For more information, refer to Payment authorization.
The experience of onboarding to Shopify's Payments Platform includes the following main process steps:
- Discover - Review how payments apps work and the various requirements.
- Build - Refer to the getting started guide to walk through each step of the process, from becoming a payments partner to building your app.
- Launch - Learn how to submit your app for review.
Payments apps requirements
The following list of requirements includes the minimum product requirements and payments partner responsibilities required for building payments apps. If you fail to adhere to these requirements, then Shopify can remove your app from the public list of payment gateways, suspend access to the payments ecosystem, terminate participation in the payments ecosystem, or take any other action deemed necessary.
Partners building payments apps need to consider the following requirements:
- Merchant discovery - For a payments app to appear on Shopify’s public list of payment gateways, the payments app must be used by at least 50 Shopify stores and must have processed over $1,000,000 USD. After this condition is met, payments partners can apply to Shopify to have their payments app included in the list of payment gateways in the Shopify admin. Shopify will review and determine at its sole discretion whether the payments app is approved for public listing.
- Approval process required? - To make sure merchants can present a positive buyer experience, any app extension configurations must be approved by Shopify. All apps must also be approved before merchants can install them.
- Payments partner responsibilities - Payments apps must fully adhere to all payments partner responsibilities, including revenue share agreements.
- Minimum product requirements - Payments apps must adhere to technical requirements and provide a high-quality merchant experience as described in the minimum product requirements.
Minimum product requirements
Payments apps have the following feature requirements:
- They need to implement the ability for a merchant to charge, refund, and process test transactions.
- They need to be 3DS compliance if they're processing credit card payments in specific countries.
- Idempotency: To provide a consistent customer experience, payments apps must implement idempotency.
- Retry policy: In case of network errors, payments apps must retry their requests according to the retry policy.
- Mutual TLS (mTLS): Authentication must be implemented to guarantee that traffic is secure and trusted in both directions between Shopify and your payments app. This authentication allows your app to confirm if an upstream request has originated from Shopify. Payments apps must use the Shopify CA certificate for verification.
- Rate limiting: Your app's GraphQL requests are rate limited according to the rate limiting guidelines.
- API Versioning: Partners must implement a supported version of Shopify's Payments Apps APIs. Partners can configure the API version that their payments app will use to receive requests from Shopify. Partners must use the same API version for sending GraphQL requests. API versions are updated in accordance with Shopify's general API versioning timelines.
- 3-D Secure: If you offer credit card payment methods in a country where 3-D Secure authentication is mandated, then you must support 3-D Secure authentication.
- GDPR: You need to implement GDPR webhooks.
- App extension configuration change approvals: To provide a positive buyer experience for customers, your app extension configuration changes must be approved by Shopify. For more information on app extension changes and reviews, refer to How to become a payments partner.
Merchant experience requirements
- Payments apps must at a minimum be operational and available on a twenty-four-hour, seven days a week (24x7) basis at least 99.95% of the time in any measurement period.
- In the event of outages or issues, partners must respond within 2 hours.
- Payments apps must provide servicing support to all merchants.
When you submit your payments app to the Shopify App Store for review, you need to fill out Part G. Testing instructions on the app listing with the following testing details:
- A test store with the payments app installed
- The required credentials to enable installing the payments app for testing (for example, activation codes and login credentials)
- Instructions on how to process a test payment and refund
A description of specific testing scenarios:
- Installments / deferred payments
- 3D Secure authentication (if applicable)
A screencast of how your payments app / payment flow will work on each of the supported browsers.
Payments partner responsibilities
Payment processing is a core part of Shopify merchants’ workflows. Our stores run 24/7 selling to customers in a variety of currencies across the globe. We rely on and trust our payments partners to provide a secure environment for customers to purchase and help merchants handle settlement and payouts.
During a customer’s purchase, payments apps are responsible for the following:
- Securely collecting a buyer’s payment information and adhering to applicable law and any PCI requirements or market regulations, including the secure storage of buyer data.
- Processing the payment according to parameters specified by Shopify.
- Redirecting the buyer to Shopify.
- Settling transactions within five days.
Partners are responsible for monitoring and managing risk and fraud. If an unreasonably high percentage of a merchant's payments are fraudulent or high-risk (as determined in Shopify’s sole discretion), then Shopify may take action. Actions can include the following:
- Removing your payments app from Shopify's public list of payment gateways
- Restricting access to Shopify’s payments ecosystem
- Taking any other action deemed necessary
Transparent pricing and flexible merchant agreements
- Partners must have transparent, easy-to-understand pricing for merchants.
- Partners can't offer low promotional or introductory rates for a limited time to later increase the rate.
- Partners can't refer to any fee, expense, or other costs as Shopify fees on invoices to merchants.
- Partners must allow merchants to terminate their merchant agreements with a 7-day notice period without penalty, fine, or other consequence.
Revenue share agreement
All partners are required to have a signed revenue share agreement with Shopify. Revenue share is calculated and applied on total payments volume (total GMV) processed by the payments app for all Shopify merchants with the app installed.
A signed revenue share agreement is required before Shopify approves a payments app to process real, live payments. More information will be provided once partners have requested for access to the Payments Platform (coming soon in Q3).
Payments apps aren't permitted to do any of the following:
- Use any Shopify APIs (including the Checkout API, Admin API, or Subscription APIs other than the Payments Apps APIs, unless granted permission by Shopify.
- Store payment credentials for unapproved purposes. You can only use credentials for the original transaction or services approved by Shopify.
- Redistribute, share, transfer, sell unauthorized access to Shopify’s Payments Platform without Shopify’s approval. Access to Shopify’s payments ecosystem is strictly provided to the approved payments partner only.
- Create fake or fraudulent merchants, orders, or sales.
- Process payment methods for which Shopify already has a direct relationship. This includes, but is not limited to the following: Apple Pay, Google Pay, Shop Pay, PayPal, and Alipay.
To make choosing additional payment methods as straightforward as possible for merchants, you should adhere to certain rules when naming your payments app:
The name of the payments app can't contain marketing text: For example, the name “World's Best Provider: Get 50 payment methods” isn't allowed. This is because merchants won't see the name of the payments app until they have chosen the payment method they wish to add to their store.
Instead you should use the app listing for marketing messages. Merchants can access app listings when they add a payment method.
The name of the payment app can't be used by partners to gain a higher listing: There isn't a general alphabetized directory of payments apps for merchants to navigate. Instead merchants will discover payments apps using the payment methods they want to add.
You should make sure that the payment methods and locations offered are accurate because this is the only information that's used to surface the app to merchants. If a name appears to have been created with the purpose of gaining a higher listing on an alphabetized list, then it will not be allowed.
Other considerations for payments apps
- Line items, order ID, and checkout ID aren't available through the Payments Apps APIs.
- Payments apps aren't visible nor installable in the Shopify App Store.
- As part of the payment processing flow, buyers must enter their payment information on a page hosted by the payments developer.